This is one of the greatest features of Apache that I’ve found yet. We have an application that offers some web services, but runs on a Windows server. We don’t want to put the Windows server on the front lines, so we proxy requests from a Linux Apache server to the Windows server behind the firewall.

To make this work, you have to enable the proxy. Here’s what the proxy directives look like in our httpd.conf file:

<IfModule mod_proxy.c>
ProxyRequests On
<Directory proxy:*>
Order deny,allowDeny from all
Allow from 10.0.1.0/16
</Directory>
</IfModule>

The nice thing about this configuration is that it will allow anything on our internal network to be proxied through, but external requests get denied (that’s what the Allow from part does). We only consume the web services internally (server processes or wrapper pages that control access), so this lets us make the output from the services available without actually exposing the Windows web server on the wild web.

To make the services description language available, you can add a <files> section and specify the extensions you want to let through from an external source (add this inside the IfModule block):

<Files "*.wsdl">
Order deny,allowDeny from none
Allow from all
</Files>

Now we can advertise the services publicly, even though we only satisfy them locally.

You then need to set up the virtual host sections for the proxied web sites. The virtual directory for the web services application should already be set up on the Windows server. In this directive, you specify the name of the directory to watch for, and then the http mapping to remote virtual directory on the Windows box.

No Responses to “Apache module mod_proxy”

Well, when I wrote this I didn’t have a good way to test it outside our firewall. A friend of mine showed up online and tried it… my Allow from trick didn’t work a crap. Instead I had to go back and add File blocks for all the stuff I wanted to let through. Oh well. It’s still a very cool feature that helps me protect my Windows machine from the bad guys.